CLAIMS 

1. A layer 2 switch, comprising: 

a plurality of ports, at least one port of said plurality of ports capable of being set to a status 
of root guard protected (RG status); 

first circuits for running the spanning tree protocol (STP) in said layer 2 switch, said STP 
capable of selecting said at least one port as either a designated port or as a root port; 

second circuits for running root guard protocol, and said root guard protocol determining 
whether or not a port set to RG status has been selected by STP as a root port; and, 

blocking circuits to set said at least one port into blocked status, said blocking circuits 
setting said at least one port into blocked status in response to said at least one port being both in 
root guard protected status and selected by STP as a root port. 

2. A method of managing a switch for use in a computer network, comprising: 

providing a plurality of ports, at least one port of said plurality of ports capable of being set 
to a status of root guard protected (RG status); 

setting said at least one port to RG status; 

running a spanning tree protocol (STP) in said switch, said STP capable of selecting said at 
least one port as either a designated port or as a root port; 

running root guard protocol, and said root guard protocol determining whether or not a port 
set to RG status has been selected by STP as a root port; and, 

setting said at least one port into blocked status, in response to said at least one port being 
both in root guard protected status and selected by STP as a root port. 

3. A method of managing a switch for use in a computer network, comprising: 

providing a plurality of ports, at least one port of said plurality of ports capable of being set 
to a status of root guard protected (RG status); 

setting said at least one port to RG status; 

running a spanning tree protocol (STP) in said switch, said STP capable of selecting said at 
least one port as either a designated port or as a root port; 

determining whether or not said at least one port set to RG status has been selected by STP 
as a root port; 

setting said at least one port into blocked status in response to said at least one port being 
both in root guard protected status and selected by STP as a root port. 

4. A data structure stored in a memory of a computer network switch, said entries having a "state" 
field and a "role" field, said state field having the value of "blocked" or the value of "forwarding", 
comprising: 

a first entry having the role field set to "root port" and the state field set to forwarding; 

a second entry having the role field set to "designated port" and the state field set to 
forwarding; 

a third entry having the role field set to "blocked port" and the state field set to blocked; 

and, 

a fourth entry having the role field set to "root inconsistent port" and the state field set to 
blocked. 

5. A computer network having a core network and a plurality of customer networks connected 
thereto by a perimeter port of a perimeter switch in said core network being connected to a port of a 
switch in a customer network of the plurality of customer networks, comprising: 

a first process for setting said perimeter port to a status of root guard protected (RG status); 

a second process for running the spanning tree protocol (STP) in said perimeter switch, said 
STP capable of selecting said perimeter port as either a designated port or as a root port; 

a third process for executing a root guard protocol, said root guard protocol determining 
whether or not a port set to RG status has been selected by STP as a root port; and, 

blocking circuits to set said perimeter port into blocked status, said blocking circuits setting 
said perimeter port into blocked status in response to said perimeter port being both in root guard 
protected status and selected by STP as a root port. 

6. Means for operating a computer network, comprising: 

establishing said computer network as having a core network and a plurality of customer 
networks connected thereto by a perimeter port of a perimeter switch in said core network being 
connected to a port of a switch in a customer network of the plurality of customer networks; 

setting said perimeter port to a status of root guard protected (RG status); 

running the spanning tree protocol (STP) in said perimeter switch, said STP capable of 
selecting said perimeter port as either a designated port or as a root port; 

executing a root guard protocol, said root guard protocol determining whether or not a port 
set to RG status has been selected by STP as a root port; and, 

setting said perimeter port into blocked status in response to said perimeter port being both 
in root guard protected status and selected by STP as a root port. 

7. A method for operating a computer network switch, said computer network switch having a 
perimeter port connected to a second switch, comprising: 

setting said perimeter port to a status of root guard protected (RG status); 

running a spanning tree protocol (STP) in said computer network switch, said STP capable 
of selecting said perimeter port as either a designated port or as a root port; 

executing a root guard protocol, said root guard protocol determining whether or not a port 
set to RG status has been selected by STP as a root port; and, 

setting said perimeter port into blocked status in response to said perimeter port being both 
in root guard protected status and selected by STP as a root port. 

8. The process of claim 7, further comprising: 

executing a process in a CPU control engine to set said perimeter port to a status of root 
guard protected; 

executing a process in said CPU control engine to run said spanning tree protocol; and, 

executing a process in said CPU control engine to execute said root guard protocol. 

9. A computer readable memory device, comprising: said computer readable memory device 
containing instructions for practice of the method of claim 7. 

10. Electromagnetic signals propagated over a computer network, comprising: said 
electromagnetic signals having instructions for practice of the method of claim 7. 
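
Added example (not part of the claims or of any vendor implementation): a small Python model of the decision recited in claims 2 and 7, using the role/state table of claim 4. The STP selection is deliberately simplified to comparing (root ID, path cost, sender ID) tuples; the class names, bridge IDs, port names and link cost are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Role -> state table taken from claim 4.
ROLE_STATE = {"root port": "forwarding", "designated port": "forwarding",
              "blocked port": "blocked", "root inconsistent port": "blocked"}
LINK_COST = 4  # assumed uniform port cost

@dataclass
class Port:
    name: str
    rg: bool = False               # root guard protected (RG status)
    bpdu: tuple = ()               # last BPDU heard: (root_id, path_cost, sender_id)
    role: str = "designated port"

class Switch:
    def __init__(self, bridge_id, ports):
        self.bridge_id = bridge_id
        self.ports = {p.name: p for p in ports}

    def receive_bpdu(self, port, root_id, path_cost, sender_id):
        self.ports[port].bpdu = (root_id, path_cost, sender_id)
        self.recompute()

    def recompute(self):
        for p in self.ports.values():
            p.role = "designated port"
        while True:
            # Simplified STP step: the lowest vector beating our own ID wins.
            cands = [p for p in self.ports.values() if p.bpdu
                     and p.bpdu[0] < self.bridge_id and p.role == "designated port"]
            root = min(cands, key=lambda p: (p.bpdu, p.name), default=None)
            if root is None or not root.rg:
                break
            # Root guard step: RG port selected as root port is blocked instead.
            root.role = "root inconsistent port"
        mine = (self.bridge_id, 0, self.bridge_id)
        if root:
            root.role = "root port"
            mine = (root.bpdu[0], root.bpdu[1] + LINK_COST, self.bridge_id)
        for p in self.ports.values():
            if p.role == "designated port" and p.bpdu and p.bpdu < mine:
                p.role = "blocked port"   # ordinary STP redundant-path blocking

    def table(self):
        return {n: (p.role, ROLE_STATE[p.role]) for n, p in self.ports.items()}

def demo(rg):
    # Constructed scenario: perimeter switch (ID 100) with one core-facing port
    # and one customer-facing perimeter port.
    sw = Switch(100, [Port("core1"), Port("cust1", rg=rg)])
    sw.receive_bpdu("core1", 10, 0, 10)   # core root bridge, ID 10
    sw.receive_bpdu("cust1", 1, 0, 1)     # customer switch advertising lower ID 1
    return sw.table()
```

With RG status set, the perimeter port ends up "root inconsistent port"/blocked and the core-facing port remains the root port; without it, the customer-facing port becomes the root port and the root of the tree moves into the customer network.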




H:\l 12\025\0198\PROSECUTU98J\VrAPP.doc 08/23/00 2:39 PM 



